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K (57)Abstract: 

PROBLEM TO BE SOLVED: To enable each communication network to perform 
communication without causing any difference between the control loads on the 
communication networks or using overlapping facilities. 

SOLUTION: The manager of a second communication network 20 transmits the 
host name and local address of a host computer 21 to a management device 35 
through the Internet 50. The device 35 assigns the global address corresponding 



(51)lnt.CI. 



to the received local address. Then the device 35 causes an NAT router 33 to 
hold an NAT table and a DNS 34 for VPN to hold DNS zone information. When a 
terminal 1 1 transmits data to the host computer 21 , the DNS 34 performs name 
resolution and answers the global address. The terminal 11 transmits the data by 
using the global address as the destination. The NAT router 33 transmits the 
data to the host computer 21 by returning the destination of the data to the local 
address. 
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CLAIMS 



[Claim(s)] 

[Claim 1] The first communication network which uses a local address, and the 
second communication network which uses a local address, It has the junction 
center from which the data which the first communication network and second 
communication network deliver and receive are relayed. A junction center The 
name resolution equipment which answers the global address corresponding to 
the local address of the equipment which the second communication network 
contains according to the demand of the name resolution from the first 
communication network, It has address translation equipment which changes the 
IP address which shows destination [ of the data to relay ], and transmitting origin. 
The first communication network The data which make the destination the global 
address which name resolution equipment answered, and are made into 
transmitting [ the local address of the equipment which the first communication 
network contains ] origin are transmitted to address translation equipment. 
Address translation equipment is communication system characterized by 
changing the global address used as the destination into a corresponding local 
address, changing into the global address of address translation equipment the 
local address which becomes a transmitting agency, and transmitting said data to 
the second communication network. 

[Claim 2] The second communication network is equipped with the host computer 
to which the local address was assigned. The first communication network The 
demand of the name resolution of a host computer is received from the terminal 
to which the local address was assigned, and a terminal. It has the name 



resolution demand repeating installation which relays said demand to the name 
resolution equipment of a junction center. Name resolution equipment According 
to the demand from name resolution demand repeating installation, the global 
address corresponding to the local address of a host computer is answered. A 
terminal The data which make the destination the global address which name 
resolution equipment answered, and make the local address of a terminal a 
transmitting agency are transmitted to address translation equipment. Address 
translation equipment Communication system according to claim 1 characterized 
by changing the global address used as the destination into the local address of 
a host computer, changing into the global address of address translation 
equipment the local address which becomes a transmitting agency, and 
transmitting said data to a host computer. 

[Claim 3] The first communication network is equipped with the first VPN 
equipment which transmits the data which the terminal transmitted by the virtual 
private network. The second communication network It has the second VPN 
equipment which receives the data which address translation equipment 
transmitted by the virtual private network. A junction center Communication 
system according to claim 2 characterized by having the fourth VPN equipment 
which performs data transfer by the virtual private network between the third VPN 
equipment which performs data transfer by the virtual private network between 
the first VPN equipment, and the second VPN equipment. 
[Claim 4] A junction center is equipped with the local address acquisition 
equipment which acquires the host name and local address of a host computer. 
Said local address acquisition equipment The global address of the host 
computer corresponding to the acquired local address is assigned. The 
information which shows the correspondence relation between a local address 
and a global address is made to hold to address translation equipment. Address 
translation equipment Communication system according to claim 2 or 3 which 
changes the global address used as the destination into a local address based 
on the information which shows the correspondence relation between a local 



address and a global address. 

[Claim 5] It is communication system given in any 1 term of claim 2 to the claims 
4 which a junction center is equipped with the local address acquisition 
equipment which acquires the host name and the local address of a host 
computer, and said local address acquisition equipment assigns the global 
address of the host computer corresponding to the acquired local address, make 
hold the information which shows the correspondence relation between a global 
address and the acquired host name to name resolution equipment, and perform 
a name resolution based on the information name resolution equipment indicates 
the correspondence relation between a global address and a host name to be. 
[Claim 6] A junction center is communication system given in any 1 term of claim 
1 to the claims 5 connected through the first communication network and second 
communication network, and Internet. 

[Claim 7] The terminal which the first communication network which uses a local 
address has Specify the host name of the host computer which the second 
communication network which uses a local address has, and a name resolution 
is required. The junction center from which the data which the first 
communication network and second communication network deliver and receive 
are relayed the demand of a name resolution Reception, The name resolution 
equipment which is arranged in the junction center and performs a name 
resolution answers the global address corresponding to the local address of a 
host computer according to the demand of a name resolution. The data with 
which a terminal makes said global address the destination, and makes the local 
address of a terminal a transmitting agency are transmitted. The address 
translation equipment which changes the IP address which is arranged in the 
junction center and shows destination [ of data ] and transmitting origin The 
correspondence procedure characterized by changing the global address used 
as the destination into the local address of a host computer, changing into the 
global address of address translation equipment the local address which 
becomes a transmitting agency, and transmitting the data which the terminal 



transmitted to a host computer. 

[Claim 8] A junction center is a correspondence procedure according to claim 7 
which transmits data by the virtual private network using the fourth VPN 
equipment corresponding to the second VPN equipment with which receives data 
and the second communication network is equipped by the virtual private 
network using the third VPN equipment corresponding to the first VPN equipment 
with which the first communication network is equipped. 
[Claim 9] It is the correspondence procedure according to claim 7 or 8 which a 
junction center assigns the global address of the host computer corresponding to 
the local address which acquired the host name and local address of a host 
computer, and was acquired, makes hold the information which shows the 
correspondence relation between a local address and a global address to 
address translation equipment, and changes into a local address the global 
address from which address translation equipment serves as the destination 
based on the information which shows the correspondence relation between a 
local address and a global address. 

[Claim 10] It is a correspondence procedure given in any 1 term of claim 7 to the 
claims 9 which a junction center assigns the global address of the host computer 
corresponding to the local address which acquired the host name and local 
address of a host computer, and was acquired, makes hold the information which 
shows the correspondence relation between a global address and the acquired 
host name to name resolution equipment, and perform a name resolution based 
on the information name resolution equipment indicates the correspondence 
relation between a global address and a host name to be. 

[Translation done.] 
* NOTICES * 
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DETAILED DESCRIPTION 



[Detailed Description of the Invention] 
[0001] 

[Field of the Invention] This invention relates to the communication system and 
the correspondence procedure which enable the communication link between the 
communication networks which use a local address. 
[0002] 

[Description of the Prior Art] When communicating by TCP/IP, an IP address is 
used as the address which identifies a transmitting agency and a transmission 
place. There are a global address and a local address in an IP address. A global 
address is the globally unique address. On the other hand, a local address is the 
address uniquely defined in a specific communication network. 
[0003] A different communication network may use the same local address. 
When communicating in the communication networks which use the same local 
address, the local address cannot be used as it is. In this case, it is necessary to 
change the local address of one communication network, or to make a 
communication link possible using NAT (Network Address Translator) etc. 
[0004] Drawing 7 is the block diagram showing the example of the conventional 
communication system which communicates using NAT. The first communication 
network 110 and second communication network 120 are a communication 
network which uses a local address, respectively. The terminal 1 1 1 with which 
the first communication network 1 10 is equipped performs a communication link 
with other terminals in the first communication network 110 (not shown) etc. 
using a local address. The first communication network 110 performs a name 



resolution by DNS, in case it has DNS (Domain Name System) and a terminal 
1 1 1 communicates in the first communication network 1 10. A name resolution 
means specifying an IP address from a host name. In addition, illustration of DNS 
was omitted in drawing 7 . Similarly, the host computer 121 with which the 
second communication network 120 is equipped also communicates in the 
second communication network 120 using a local address. 
[0005] The communication link between the terminals 111 and host computers 
121 belonging to a separate communication network is explained. Here, a 
terminal 111 and a host computer 121 shall communicate by VPN (Virtual Private 
Network : virtual private network). 

[0006] The first communication network 110 and second communication network 
120 are connected through the third communication network 150, such as the 
Internet. The first communication network 110 is equipped with the VPN 
equipment 1 1 2 other than a terminal 1 1 1 or DNS. The second communication 
network 120 is equipped with a host computer 121, or the VPN equipment 122, 
DNS123 for VPN and the NAT router 124 other than DNS. VPN equipment 
1 12,122 is equipment which enables it to perform the communication link 
between the first communication network 110 and the second communication 
network 120 by the virtual private network. 

[0007] The global address used apart from a local address in case it 
communicates among other communication networks is temporarily assigned to 
a host computer 121. DNS123 for VPN memorizes correspondence with this 
global address and the host name of a host computer 121, and performs the 
name resolution of the host name of the host computer 121 specified by a 
terminal 111. That is, an IP address (global address) is specified from a host 
name. Correspondence with the IP address and host name which DNS and 
DNS123 for VPN hold is called DNS zone information. The NAT router 124 is a 
router which has an NAT function, and changes into a local address the global 
address which memorizes correspondence with the local address of a host 
computer 121, and a global address, and is contained in the data transmitted and 



received. 

[0008] A terminal 1 1 1 transmits data to a host computer 121 as follows. Through 
VPN equipment 112, the third communication network 150, and VPN equipment 
122, a terminal 1 1 1 notifies the host name of a host computer 121 to DNS123 for 
VPN, and requires a name resolution. According to this demand, the name 
resolution of DNS 123 for VPN is carried out, and it answers the global address of 
a host computer 121. A terminal 111 transmits data by making this global 
address into the destination. This data is sent to the NAT router 124 through VPN 
equipment 112, the third communication network 150, and VPN equipment 122. 
At this time, VPN equipment 1 12,122 transmits and receives data by the virtual 
private network. The NAT router 124 changes the global address used as the 
destination into the local address of a host computer 121 , and transmits it to a 
host computer 121. 

[0009] Here, although a terminal 1 1 1 and a host computer 121 show the case 
where it communicates by the virtual private network, terminals other than 
terminal 1 1 1 may transmit data, without using a virtual private network. The 
second communication network 120 is equipped with the access-control 
equipment which prevents an unjust invasion in many cases by passing only the 
data which fulfilled predetermined conditions in the second communication 
network 120. 
[0010] 

[Problem(s) to be Solved by the Invention] By performing conversion of a global 
address and a local address, the NAT router 124 can communicate now between 
communication networks. However, the management burden of the 
communication network of the side which must prepare DNS123 for VPN and 
NAT router 124 grade in the second communication network 120 which receives 
data, and receives data was large. When the manager of the first communication 
network 110 and the manager of the second communication network 120 are 
another, it is not desirable for one management burden to become large, noting 
that the manager of one communication network writes also with the case where 



the communication network of another side is also managed. This problem is 
produced also when changing one local address. 

[001 1] Moreover, from the second communication network 120, if data are 
transmitted to the first communication network 110, DNS for VPN and an NAT 
router will have to be formed also in the first communication network 1 1 0, and a 
facility will overlap. 

[0012] Furthermore, conventionally, according to modification of a local address 
etc., a setup of the NAT router 124 or DNS123 for VPN had to be updated, and a 
manager's burden was large. 

[0013] Moreover, when communicating between the first communication network 
110 and the second communication network 120 using a virtual private network, 
VPN equipment 1 12,122 had to be used as equipment of the same kind. That is, 
selection of VPN equipment had a limit. 

[0014] This invention aims at each communication network enabling it to 
communicate without not making the management burden of the manager of 
each communication network produce a difference, and overlapping a facility. 
Moreover, it aims at enabling it to update a setup easily according to modification 
of a local address etc. Moreover, it aims at enabling it to select VPN equipment 
for every communication network. 
[0015] 

[Means for Solving the Problem] The first communication network where a local 
address is used for the communication system by this invention, It has the 
junction center from which the data which the second communication network 
which uses a local address, and the first communication network and second 
communication network deliver and receive are relayed. A junction center The 
name resolution equipment which answers the global address corresponding to 
the local address of the equipment which the second communication network 
contains according to the demand of the name resolution from the first 
communication network, It has address translation equipment which changes the 
IP address which shows destination [ of the data to relay ], and transmitting origin. 



The first communication network The data which make the destination the global 
address which name resolution equipment answered, and are made into 
transmitting [ the local address of the equipment which the first communication 
network contains ] origin are transmitted to address translation equipment. 
Address translation equipment is characterized by changing the global address 
used as the destination into a corresponding local address, changing into the 
global address of address translation equipment the local address which 
becomes a transmitting agency, and transmitting data to the second 
communication network. 

[0016] The second communication network is equipped with the host computer to 
which the local address was assigned. The first communication network The 
demand of the name resolution of a host computer is received from the terminal 
to which the local address was assigned, and a terminal. It has the name 
resolution demand repeating installation which relays the demand to the name 
resolution equipment of a junction center. Name resolution equipment According 
to the demand from name resolution demand repeating installation, the global 
address corresponding to the local address of a host computer is answered. A 
terminal The data which make the destination the global address which name 
resolution equipment answered, and make the local address of a terminal a 
transmitting agency are transmitted to address translation equipment. Address 
translation equipment The global address used as the destination is changed into 
the local address of a host computer, the local address which becomes a 
transmitting agency is changed into the global address of address translation 
equipment, and data are transmitted to a host computer. 

[0017] The first communication network is equipped with the first VPN equipment 
which transmits the data which the terminal transmitted by the virtual private 
network. For example, the second communication network It has the second 
VPN equipment which receives the data which address translation equipment 
transmitted by the virtual private network. A junction center It has the fourth VPN 
equipment which performs data transfer by the virtual private network between 



the third VPN equipment which performs data transfer by the virtual private 
network between the first VPN equipment, and the second VPN equipment. 
According to such a configuration, since it is not necessary to use the first VPN 
equipment and the second VPN equipment as VPN equipment of the same kind, 
it becomes easy to select VPN equipment in each communication network. 
[0018] A junction center is equipped with the local address acquisition equipment 
which acquires the host name and the local address of a host computer, and 
local address acquisition equipment assigns the global address of the host 
computer corresponding to the acquired local address, make the information 
which shows the correspondence relation between a local address and a global 
address hold to address-translation equipment, and, as for address-translation 
equipment, it is desirable to change the global address used as the destination 
into a local address based on the information which shows the correspondence 
relation between a local address and a global address. According to such a 
configuration, the management burden of the information which shows the 
correspondence relation between a local address and a global address is 
mitigated. 

[0019] A junction center is equipped with the local address acquisition equipment 
which acquires the host name and the local address of a host computer, local 
address acquisition equipment assigns the global address of the host computer 
corresponding to the acquired local address, the information which shows the 
correspondence relation between a global address and the acquired host name 
is made to hold to name resolution equipment, and, as for name resolution 
equipment, it is desirable to perform a name resolution based on the information 
which shows the correspondence relation between a global address and a host 
name. According to such a configuration, the management burden of the 
information which shows the correspondence relation between a global address 
and a host name is mitigated. 

[0020] For example, a junction center is connected through the first 
communication network and second communication network, and Internet. 



[0021] The terminal which the first communication network which uses a local 
address has the correspondence procedure by this invention Specify the host 
name of the host computer which the second communication network which uses 
a local address has, and a name resolution is required. The junction center from 
which the data which the first communication network and second 
communication network deliver and receive are relayed the demand of a name 
resolution Reception, The name resolution equipment which is arranged in the 
junction center and performs a name resolution answers the global address 
corresponding to the local address of a host computer according to the demand 
of a name resolution. The data with which a terminal makes the global address 
the destination, and makes the local address of a terminal a transmitting agency 
are transmitted. The address translation equipment which changes the IP 
address which is arranged in the junction center and shows destination [ of data ] 
and transmitting origin It is characterized by changing the global address used as 
the destination into the local address of a host computer, changing into the global 
address of address translation equipment the local address which becomes a 
transmitting agency, and transmitting the data which the terminal transmitted to a 
host computer. 

[0022] For example, using the third VPN equipment corresponding to the first 
VPN equipment with which the first communication network is equipped, a 
junction center receives data by the virtual private network, and transmits data by 
the virtual private network using the fourth VPN equipment corresponding to the 
second VPN equipment with which the second communication network is 
equipped. According to such an approach, since it is not necessary to use the 
first VPN equipment and the second VPN equipment as VPN equipment of the 
same kind, it becomes easy to select VPN equipment in each communication 
network. 

[0023] A junction center assigns the global address of the host computer 
corresponding to the local address which acquired the host name and local 
address of a host computer, and was acquired, and makes the information which 



shows the correspondence relation between a local address and a global 
address hold to address translation equipment, and, as for address translation 
equipment, it is desirable to change the global address used as the destination 
into a local address based on the information which shows the correspondence 
relation between a local address and a global address. According to such an 
approach, the management burden of the information which shows the 
correspondence relation between a local address and a global address is 
mitigated. 

[0024] A junction center assigns the global address of the host computer 
corresponding to the local address which acquired the host name and local 
address of a host computer, and was acquired, and makes the information which 
shows the correspondence relation between a global address and the acquired 
host name hold to name resolution equipment, and, as for name resolution 
equipment, it is desirable to perform a name resolution based on the information 
which shows the correspondence relation between a global address and a host 
name. According to such an approach, the management burden of the 
information which shows the correspondence relation between a global address 
and a host name is mitigated. 
[0025] 

[Embodiment of the Invention] Hereafter, the gestalt of operation of this invention 
is explained with reference to a drawing. Drawing 1 is the block diagram showing 
one gestalt of operation of the communication system by this invention. The 
communication system of this example is equipped with the first communication 
network 10, second communication network 20, and network center 30. The first 
communication network 10 and second communication network 20 are a 
communication network which uses a local address, respectively. The network 
center 30 relays the data transmitted and received between the first 
communication network 10 and the second communication network 20. The first 
communication network 10, second communication network 20, and network 
center 30 are connected by the third communication network 50. The third 



communication network 50 shall be [ the following and ] the Internet. 
[0026] The first communication network 10 is equipped with a terminal 11, and 
the interior DNS 13 and VPN equipment (first VPN equipment) 12. The second 
communication network 20 is equipped with a host computer 21, and the interior 
DNS 23 and VPN equipment (second VPN equipment) 22. The equipment with 
which the first communication network 10 and second communication network 20 
are equipped is not limited to these equipments, but may hold other terminals 
and host computers. 

[0027] The interior DNS 13 holds the information (DNS zone information) which 
shows correspondence with the host name of each equipment and local address 
belonging to the first communication network 10. The interior DNS 13 performs a 
name resolution, in case the equipment (for example, terminal 1 1) belonging to 
the first communication network 10 communicates in the first communication 
network 10. If a name resolution is required of the interior DNS 13 about the host 
name (for example, host name of a host computer 21 ) which is not held, it will 
require a name resolution of DNS34 for VPN mentioned later. Actuation of the 
interior DNS 23 is the same as that of the interior DNS 13. Hereafter, the case 
where a terminal 1 1 transmits data to a host computer 21 is explained. 
[0028] The VPN equipments 12 and 22 communicate with the VPN equipment 
(third VPN equipment) 31 and the VPN equipment (fourth VPN equipment) 32 
with which the network center 30 is equipped, respectively by the virtual private 
network. 

[0029] In addition, the first communication network 10 and second 
communication network 20 have an accessible network (it is hereafter described 
as global network.), and the network (it is hereafter described as a private 
network.) which cannot be accessed from an external communication network 
from an external communication network. A terminal 11 and the interior DNS 13 
belong to the private network of the first communication network 10. A host 
computer 21 and the interior DNS 23 belong to the private network of the second 
communication network 20. The VPN equipments 12 and 22 belong to the global 



network in the second communication network for a start, respectively. 
[0030] The network center 30 is equipped with the VPN equipments 31 and 32, 
the NAT router 33, and DNS34 for VPN. VPN equipment 31 is as of the same 
kind VPN equipment as the VPN equipment 12 of the first communication 
network 10. Moreover, VPN equipment 32 is as of the same kind VPN equipment 
as the VPN equipment 22 of the second communication network 20. 
[0031] From the interior DNS 13 of the first communication network 10, DNS34 
for VPN answers the global address corresponding to a host name to the interior 
DNS 13, when the name resolution of a host name is required. DNS34 for VPN 
makes the global address changed from the local address of a host computer 21, 
and the host name of a host computer 21 correspond, and is held as DNS zone 
information. For example, the manager of the second communication network 
makes correspondence with the global address changed by the NAT router 33, 
and a host name hold to DNS34 for VPN. If the interior DNS 13 specifies a host 
name, DNS34 for VPN will answer the global address corresponding to a host 
name to the interior DNS 1 3. A terminal 1 1 transmits data to a host computer 21 
by making this global address into the destination. 

[0032] The NAT router 33 changes the local address of a host computer 21 into a 
global address, and holds the information which shows the correspondence 
relation between a local address and a global address. The local address of a 
host computer 21 is beforehand given to the NAT router 33 by the manager of 
the second communication network, and it changes this local address into a 
global address. 

[0033] If the NAT router 33 receives the data which make the global address of a 
host computer 21 the destination from a terminal 1 1 , it will return the destination 
to the original local address from a global address, and will transmit it to the 
second communication network 20. Moreover, the data received from a terminal 
1 1 are made into transmitting [ the local address (local address used in the first 
communication network 10) of a terminal 1 1 ] origin. The NAT router 33 changes 
a transmitting agency into the IP masquarade address of the NAT router 33 from 



the local address of a terminal 11. This IP masquarade address is used as a 
global address of the NAT router 33. 

[0034] In addition, the NAT router 33 holds beforehand the network address 
(global address space information) used as a global address of the second 
communication network 20. And the local address of a host computer 21 is 
changed into a global address using this network address. That is, a host 
computer 21 changes into the global address which shows that it belongs to the 
second communication network 20. The NAT router 33 is similarly changed 
based on the information on the address held beforehand, when changing the 
local address of a transmitting agency into the IP masquarade address of the 
NAT router 33. 

[0035] Drawing 2 is the explanatory view showing correspondence of the IP 
address changed by the NAT router 33. In case a terminal 1 1 transmits data to a 
host computer 21 , it makes the global address of a host computer 21 the 
destination, and makes the local address of a terminal 11 a transmitting agency. 
Moreover, this destination and transmitting origin is changed by the NAT router 
33, respectively, and a host computer 21 receives the data which make the local 
address of a host computer 21 the destination, and make a transmitting agency 
the global address (IP masquarade address) of the NAT router 33. The 
information which shows correspondence of a global address and a local 
address as shown in drawing 2 is called NAT table. 

[0036] A junction center is realized by the network center 30 in this example. 
Name resolution demand repeating installation is realized by the interior DNS 13. 
Name resolution equipment is realized by DNS34 for VPN. Address translation 
equipment is realized by the NAT router 33. 

[0037] Next, the actuation at the time of a terminal 11 transmitting data to a host 
computer 21 is explained. Drawing 3 is the flow chart showing the example of 
actuation of communication system. First, the host name of the transmission 
place (host computer 21) of data is inputted into a terminal 11 by the user (step 
S71). A terminal 11 requires the name resolution of the inputted host name of the 



interior DNS 13 (step S72). The interior DNS 13 does not have the information on 
the IP address corresponding to the host name of a host computer 21. Therefore, 
the interior DNS 13 relays the demand of the name resolution from a terminal 11 
to DNS34 for VPN, and commissions 34 for VPN a name resolution (step S73). 
In step S73, the interior DNS 13 transmits a host name through VPN equipment 
1 2, the third communication network 50, and VPN equipment 31 . The VPN 
equipments 12 and 31 deliver and receive a host name by the virtual private 
network. 

[0038] DNS34 for VPN performs a name resolution about the specified host 
name (step S74). In step S74, DNS34 for VPN extracts the global address 
corresponding to a host name from DNS zone information, and replies to the 
interior DNS 13. The interior DNS 13 relays this global address to a terminal 11. 
[0039] then, the global address which acquired the terminal 1 1 -- the destination - 
- carrying out -- transmitting [ the local address of a terminal 1 1 ] origin -- ** - it 
carries out and data are transmitted (step S75). In step S75, a terminal 1 1 
transmits data to the NAT router 33 through VPN equipment 12, the third 
communication network 50, and VPN equipment 31. The VPN equipments 12 
and 31 deliver and receive data by the virtual private network. 
[0040] The NAT router 33 changes the destination of the received data, and the 
IP address of a transmitting agency (step S76). The NAT router 33 changes the 
global address used as the destination into a corresponding local address. 
Moreover, the local address of the terminal 1 1 which has become the 
transmitting agency is changed into the global address (IP masquarade address) 
of the NAT router 33. 

[0041] Moreover, the NAT router 33 judges whether it is what was sent from the 
terminal in which the received data have an access privilege to a host computer 
21 (step S77). The NAT router 33 judges whether it is data sent from the terminal 
with an access privilege based on the IP address (local address before 
conversion) of the transmitting origin included in data. If it judges that the NAT 
router 33 is data from the terminal 1 1 with an access privilege, transmission of 



the data will be permitted and the data after address translation will be 
transmitted to a host computer 21 (step S78). The NAT router 33 transmits data 
to a host computer 21 through VPN equipment 32, the third communication 
network 50, and VPN equipment 22. The VPN equipments 32 and 22 deliver and 
receive data by the virtual private network. 

[0042] A host computer 21 checks whether the data which received a message 
are data from a terminal with an access privilege, and if it accepts an access 
privilege, it will permit a communication link (step S79). A host computer 21 
judges whether it is data from a terminal with an access privilege based on the IP 
address of the transmitting origin included in data. If the transmitting origin of 
data shows the NAT router 33, it will be judged that it is data from a terminal with 
an access privilege. 

[0043] Here, the terminal 1 1 in the first communication network 10 showed the 
example in the case of transmitting data to the host computer 21 of the second 
communication network 20. The actuation in the case of transmitting data to the 
equipment in the first communication network also has the same equipment in 
the second communication network 20. In this case, the actuation as the above- 
mentioned interior DNS 13 with the same interior DNS 23 in the second 
communication network is performed. 

[0044] According to this invention, a difference does not arise under the 
management burden of two communication networks 10 and 20. Moreover, since 
it is necessary to prepare neither an NAT router nor DNS for VPN in the first 
communication network 10 and second communication network 20, respectively, 
it is not necessary to overlap a facility. Furthermore, the network center 30 is 
equipped with the VPN equipments 12 and 22 in each communication network, 
and the VPN equipments 31 and 32 of the same kind. Therefore, it is not 
necessary to arrange the class of VPN equipment in the first communication 
network 10 and second communication network 20. Consequently, it becomes 
easy to select VPN equipment in each communication networks 10 and 20. 
[0045] Next, the gestalt of other operations of this invention is explained. Drawing 



4 is the block diagram showing the gestalt of other operations of the 
communication system by this invention. Drawing 1 and a common sign are 
given to equipment and the communication network which are common in 
drawing 1 , and explanation is omitted to them. The network center 30 is 
equipped with DNS and the NAT management equipment (it is only hereafter 
described as management equipment.) 35, and the access-control equipment 36 
other than the equipment shown in drawing 1 . 

[0046] Management equipment 35 acquires the host name and local address of a 
host computer which receive data from the manager of the communication 
network where the host computer belongs. And management equipment 35 
assigns the global address corresponding to the acquired local address, and 
makes an NAT table (correspondence with a local address and a global address) 
hold to the NAT router 33. Moreover, management equipment 35 is made to hold 
to DNS34 for VPN by making correspondence of a host name and a global 
address into DNS zone information. 

[0047] Management equipment 35 displays on a manager's terminal the WEB 
page which has a host name and the input column of a local address, and 
acquires the inputted local address from the terminal. Access-control equipment 
36 performs the access control to the data sent from the exterior of a service 
center 30. For example, an access control is performed to the data which the 
terminal which is going to require a WEB page transmits to management 
equipment 35. 

[0048] Local address acquisition equipment is realized by management 
equipment 35 in this example. 

[0049] The example of actuation of the communication system shown in drawing 
4 is explained. Drawing 5 is the flow chart showing the example of actuation of 
this example. The manager of the second communication network 20 transmits 
first the local address and host name of a host computer 21 which receive data to 
management equipment 35 (step S91). At step S91 , the terminal in the second 
communication network 20 (not shown) acquires the WEB page which has a host 



name and the input column of a local address from management equipment 35 
according to actuation of a manager, for example. And a terminal transmits the 
host name and local address of the inputted host computer 21 to management 
equipment 35. Moreover, in step S91, in case a terminal and management 
equipment 35 deliver and receive data, it checks whether access-control 
equipment 35 has inaccurate data from a terminal. For example, it checks 
whether it is inaccurate data by the IP address of the transmitting origin included 
in data. It will cancel, if it is inaccurate data, and it does not tell management 
equipment 35. 

[0050] Then, management equipment 35 assigns the global address 
corresponding to the local address which received in step S91. And 
correspondence with the local address of a host computer 21 and a global 
address is made to hold to the NAT router 33 as an NAT table. Moreover, it is 
made to hold to DNS34 for VPN by making correspondence with a host name 
and a global address into DNS zone information (step S92). Management 
equipment 35 holds beforehand the network address (global address space 
information) used as a global address of the second communication network 20. 
In step S92, the global address which shows that a host computer 21 belongs to 
the second communication network 20 is assigned based on this network 
address. 

[0051] In addition, management equipment 35 performs same actuation, also 
when the network address (global address space information) of the first 
communication network 10 is also held beforehand and acquires a host name 
and a local address from the manager of the first communication network 10. 
[0052] The NAT router 33 acquires the NAT table showing correspondence with 
the local address of a host computer 21, and a global address by actuation of 
steps S91 and S92. Moreover, DNS34 for VPN acquires correspondence with a 
host name and a global address. Then, the actuation at the time of a terminal 1 1 
transmitting data to a host computer 21 is the same as actuation of steps S71- 
S79. 



[0053] What is necessary is just to operate steps S91 and S92 again, in changing 
the local address of a host computer 21 etc. If a manager inputs a host name and 
a local address into a WEB page and it transmits to management equipment 35, 
management equipment 35 will perform creation of an NAT table etc. Therefore, 
a new host computer can be added in a communication network, or even if it is 
the case where a local address is changed, a setup of the NAT router 33 or 
DNS34 for VPN can be changed easily. Therefore, a manager's burden is 
mitigated. 

[0054] Here, the case where the host computer 21 which was able to assign the 
local address communicated was explained. The global address used when the 
equipment arranged in the second communication network 20 is accessed not 
only through a local address but through the Internet 50 may also be assigned. 
However, this global address is not the global address used by the 
communication link by the virtual private network but the address for receiving 
access only through the Internet 50. Therefore, it differs from this global address 
and the global address which is made to correspond to a local address and is 
assigned at step S92. The global address for receiving access through the 
Internet 50 is hereafter described as the global address for the Internet. 
[0055] Management equipment 35 may acquire the DNS zone information which 
shows correspondence with the global address for the Internet, and a host name. 
Drawing 6 is the block diagram showing the example of a configuration of 
communication system in case management equipment 35 acquires this DNS 
zone information. Drawing 1 , and 3 and a common sign are given to drawing 1 , 
and equipment and the communication network which are common in 3, and 
explanation is omitted to them. 

[0056] The first communication network 10 and second communication network 
20 are equipped with the exterior 14 and DNS 24, respectively. The exterior 14 
and DNS 24 all belongs to global network. The exterior DNS 24 holds 
correspondence with global addresses for the Internet, such as a host computer 
in the second communication network 20, and a host name as DNS zone 



information. This host computer etc. is equipment which accepts access from the 
outside (except the second communication network 20). The information on a 
local address is not included in the DNS zone information on the exterior DNS 24. 
If the exterior DNS 24 has a host name specified from the outside and a name 
resolution is required of it, it will answer the global address for the Internet 
corresponding to a host name. It operates like [ the exterior DNS 14 ] the exterior 
DNS 24. 

[0057] In addition, also in drawing 1 and the communication system shown in 3, 
the first communication system 10 and second communication system 20 may be 
equipped with the exterior 14 and DNS 24. 

[0058] When making management equipment 35 acquire the host name and the 
global address for the Internet of the equipment to which the both sides of a local 
address and the global address for the Internet were assigned, the exterior DNS 
24 transmits DNS zone information to management equipment 35. It checks 
whether access-control equipment 35 has the inaccurate DNS zone information 
from the outside DNS 24. Inaccurate data are canceled and do not tell 
management equipment 35. 

[0059] When making management equipment 35 acquire the host name and the 
global address for the Internet of a host computer in the first communication 
network 10, the exterior DNS 14 should just transmit DNS zone information to 
management equipment 35. 

[0060] In order to transmit information from a terminal 1 1 by the virtual private 
network to the equipment to which the both sides of a local address and the 
global address for the Internet were assigned, correspondence with the local 
address of this equipment and a global address must be made to hold to the NAT 
router 33 as an NAT table. Moreover, it must be made to hold to DNS34 for VPN 
by making correspondence with a host name and a global address into DNS 
zone information. In order to make these correspondences hold to the NAT 
router 33 or DNS34 for VPN, after the exterior DNS 24 transmits DNS zone 
information, the same actuation as steps S91 and S92 is performed. 



[0061] In this example, management equipment 35 acquires the information 
which shows correspondence with the global address for the Internet, and a host 
name from the exterior DNS 34. Therefore, each communication network 10 and 
the global address for the Internet of the equipment in 20 can also manage the 
network center 30 besides the global address which was made to correspond to 
a local address and a local address, and was assigned. 
[0062] In addition, the terminal (not shown) linked to the Internet 50 etc. may 
access the host computer of the first communication network 10 or the second 
communication network 20. In this case, the terminal linked to the Internet 50 
specifies a host name, and requires a name resolution of the exterior DNS 14 
and the exterior DNS 24. If a name resolution is required of the exterior 14 and 
DNS 24, it will answer the global address for the Internet of the host computer 
corresponding to a host name to a terminal. A terminal transmits data to a host 
computer by making this global address for the Internet into the destination. In 
that case, between the Internet 50, and the first communication network 10 and 
the second communication network 20, NAT equipments (not shown), such as a 
fire wall, exist and the global address which is a destination address is changed 
into a destination host's local address. 

[0063] Moreover, the terminal in the first communication network 10 and second 
communication network 20 may communicate with the host computer (not 
shown) linked to the Internet 50. A terminal 1 1 is made into an example and the 
actuation in this case is explained. A terminal 1 1 requires the name resolution of 
the host computer linked to the Internet 50 of the interior DNS 13. If a name 
resolution is required of the interior DNS 1 3 about the host name which is not 
held, it will relay the demand to DNS (not shown) connected to the Internet 50 by 
the default, and will commission a name resolution. DNS linked to the Internet 50 
performs a name resolution, and answers the global address of a host computer 
to a terminal 1 1 . A terminal 1 1 transmits data to a host computer using this global 
address. On the contrary, the case of the connection via VPN, i.e., connection 
into the second communication network 20, relays the demand to DNS34 for 



VPN, and commissions DNS34 for VPN a name resolution. This is specifying the 
host name of DNS34 for VPN, and an IP address to the domain into the second 
communication network 20 in NS record of the interior DNS 13, and can 
commission DNS34 for VPN a name resolution. 
[0064] 

[Effect of the Invention] According to the communication system of this invention, 
a junction center is equipped with the address translation equipment which 
changes the IP address which shows destination [ of the data relayed to the 
name resolution equipment which answers the global address corresponding to 
the local address of the equipment which the second communication network 
contains according to the demand of the name resolution from the first 
communication network ], and transmitting origin. Therefore, it can prevent that a 
difference arises under a management burden in the first communication network 
and second communication network. Moreover, it is not necessary to form the 
facility which overlaps the first communication network and second 
communication network. 

[0065] According to the correspondence procedure of this invention, moreover, 
the name resolution equipment which is arranged in the junction center and 
performs a name resolution According to the demand of a name resolution, the 
global address corresponding to the local address of a host computer is 
answered. The address translation equipment which changes the IP address 
which is arranged in the junction center and shows destination [ of data ] and 
transmitting origin The global address used as the destination is changed into the 
local address of a host computer, the local address which becomes a 
transmitting agency is changed into the global address of address translation 
equipment, and the data which the terminal transmitted are transmitted to a host 
computer. Therefore, it can prevent that a difference arises under a management 
burden in the first communication network and second communication network. 
Moreover, it is not necessary to form the facility which overlaps the first 
communication network and second communication network. 
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[Brief Description of the Drawings] 

[Drawing 1] It is the block diagram showing one gestalt of operation of the 
communication system by this invention. 

[Drawing 2] It is the explanatory view showing correspondence of the IP address 
changed. 

[Drawing 3] It is the flow chart showing the example of actuation of 
communication system. 

[Drawing 4] It is the block diagram showing the gestalt of other operations of the 
communication system by this invention. 

[Drawing 5] It is the flow chart showing the example of actuation of 
communication system. 

[Drawing 6] It is the block diagram showing the gestalt of other operations of the 
communication system by this invention. 

[Drawing 7] It is the block diagram showing the example of the conventional 

communication system. 

[Description of Notations] 

10 First Communication Network 



1 1 Terminal 

12 VPN Equipment 

13 Interior DNS 

14 Exterior DNS 

20 Second Communication Network 

21 Host Computer 

22 VPN Equipment 

23 Interior DNS 

24 Exterior DNS 

30 Network Center 

31 32 VPN equipment 

33 NAT Router 

34 DNS for VPN 

35 DNS and NAT Management Equipment 
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m»tim^. T-*i%imm<mm*v by 
-?«o<Bams#:*# -ncomm^'v by-? 

mt , HZCDfflfl^y b 7-? 1 2 0^fI##W"& 

[ooii] ifc, ffir^ait^-y by-? l 2 o^ 

m-eMfi*v by-? 1 1 0£T-?£jIfrt6 
sr&t*, m-comm*>y by-? 1 1 octvpN^D 

N S^NAT/b-?£f£{t&Cm«'&£>1\ fSff^'fiil 

[0 0 12] IM*, n-#/b7bb<Xc^Jglf 

OfctT, 2 4^VPNfflDNS 1 2 3 

o§b££ Eft L^imi^j: ^-f , w&0>affl#*# & 
[0013] ±tz, m-comm^-y by-? 1 1 o tm 

rc7)Mft*'y by-? 1 2 0 fcWC. «f£t£ffl£ffl 
V^TilfrrS^-, VPNgfl 1 2, 122£»D 

mwizLmtiim^fr^tz, -t^hh, vpnii 
[ooi4] *mm. &&m*>y w~y<nmmM<r) 
#sift* -y b y- ? mm* fit s «t a t-t* <r t £ a 

[0 0 15] 

-Mi, n-^/brbb-x^MB^SIg-oafi^-y by 



y-? t . sus-warn* -y n y- ? axv^m^mm^ 
•y b y-? imstth r-? *■ t & 

fl/l. WtrV^ii, m-toam^.y by-?^<7>g 
ir«^g*tj£tTm^afi^>y by-?^'Mfg 
Mon-;# /bT b b-X £*f J©t4 ?"n-A/b7 b £ 
HFgpr S £f?jBi*§!§K t , «-f S t ? <o%5tfc J; 

sftTc^^-r ip7f bx £ «t § r vuxmrnu 
tzffit. m-<Dmm*>y by-?i±. 
@§tfc^n-A^r bb-x^^h u m-oafl* 

•/ b y - ? 3&*#t^*c?) n - ij IV 7 b V X ^ SftTC t -t 

mi. SBtfciSy'nw^T b b-x^ *fjE-fl. n-^ 
/bTbb-Xt^tU ^flTufc^Sn-^/bTbb-xSr 
T bb^X^mgMo^n-AVbT bb-Xt^LT. r 

-^^m-ioam^'y by-^tiifi-ri>- 

[0016] S&r^iift*'/ by-^«. n-^;bT b 
b-x^fJDST^ix^^xbnyb^-^&flix., 
toafI*>y by-^(i, n-^ibTbb-X^'IiJDST^ 

sg*^^^xb3yb°^-^^Hu(»^ 
mmm, zmm*m*>?cD%mMmmmz* 

jL-^^n-Xf/l^r b ^*K*fJEt4 /n-^VbT bb- 
)V7WXlt%%bL, Sffi*^n-^;bTb^X^iifI 

n-^?;bT b bX^T b b-X^jigM^^'n-A'/br b 

uzizm&Lx, T-^^^xbnyb^-^tiift-r 

[0017] m-^afl^-y by-^(i. 
^mLfcx-^ Pliant i oTinm-tsm-^ 
vPN^g&^ii, ^zoafl^-y by-^tt, Tbb- 

-rsm^vpN^g&fi^, ^fty^ii m-ov 

7OTPNgl};, V P N fc OPhITIIS^IS 

OVPNgM^^ia^VPNgMfc L^<T ±v WX\ 

%mm*v by-^T"VPNgM^3isL^< ; Sci> 0 

[0 0 18] cbffiby^ii, 

b^fc=bWn-^;bT bb-x^ffX#^-|,n-^;bTb^ 
xK^gM^fli. n-^;bTbb-xE#gMii. JX# 
L n - * ;bT b b- x JE-T Sstsxhayta-^ 
^n-^VbT bb-x^fiJD ST. n-^;bT b b-x ^ 

n-^vbr b b-x t nwmmxftfim* r v bxg 
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M^KCfWf'f^U-. TYYXmmWH, n-^/PTF 

yx k yu-^vr y fx k ^nmmi^^mm^m 

o'V ^T , Wt t & S /nw^r FFX £ n-#;F7 F 
yxt»f& U\ 'tOio'SrWjSfciifL 

(£, n-#;F7 F FX i: j^o-A^r F FX k^)M&m 

[0 0 19] tfffi-fev^a, TFxpnyt.-j.-^o^x 
b££ i y'n-*^T F P-x £ JX#-f § n-#/F7 FF 
xJX#§IM£ fS;t , n-#;FTFFX|Xf#§§M(i, JXf# 
L^n-^/FTFFXfcftje^StfXFnyej.-^ 
^'n-A';i/T F FX£iO 0 ST , ?u-)\)VT YVXk 

jx# uc*x h%t mmm**t$m*mm®M 
mz&mzit. %mm®mmz. 7v~rs>vrYvxk 

'Mo zktfftt iw ^xd^mmzxtm. 
[0020] mm, n-0m*v y 

& XVm-CDWm* v Y k i -y Y 

ziYixmmztii, 

[0021] ^mfoxhw^mt. u-ijjvr ff 
x*mmm-<nmm*-v Yy-?mtm*t>\ 

n-#;F7FFX£f£fflf SUZOffifl^y hV-ttf 

^t&*xh3yv*-?cD*xb%£mfcixmm 
&£g#u m-<vmm*~y Yv-t&xtfm^mt 
* v f v-9 tffiBtfthir- ? * *«rr h >*& 
mmmm^mm o , *st* y ? tz&Mstim 
m% mmmmtf , mmmemmzm t t * 

X F 3 y\Z^-90)n-f))VT Y YX\znmfi, 7u— 
A/tyrFFX^ISgU Si***, fw^nw^rKI/ 
AtWtbL. mL<nx3-i})V7VVX*mi7tb~t%> 
t — ^SrilflL, ffi-fe y ? fciffl $ *ir - * 

■t taifis %7jk-t iptvu x $m&t h 7 y ux^m 

iSB#, Wtktchfxi-rtflsT Y Fx £*x hayt° 

^~^0}u~^)vrYvx{z^mL, mmitk^m- 

i))VT YVX£TYVxm%%m.Wu~Ji)VT Y FX 

[0022] mm. w?y^J4, m-cmm* -y f 
v - 9 im i h m-<v v p n mm t*tjE-r h ^ v p 
Nmmm^ximmmmz x x?~ ? i , m 
—<mm* v vy—?tmz-&&—<?)v p Ngttm 
t&mm<vvpNmm£m^xmmmMizx~>XT~ 

mw.tm-zcDVPNmwmmcovPNmwtL%<x 
x \ wx\ *am* -/Yv-9 xv p Nmmrm^ 

[0 0 2 3] fffrfey^fi, *xb3yba^^x 
Y&&X tfu~l])V7 YUX £jm L . JX# Lst n 
b* V x \zftm- h * x b 3 y h° ^ - ^ 



f ux k nttmmt:*rtfim* r y vx$mmmz& 
-^vt-T f vx k mmmm^i-wm^zm^ ^x , u 

3tk%h7'v-r\)V7YVX,$:Yi-J}}V7YY>X^Z^m 

-thz\ki>mtu\ ^Xo^nmizxtiti. u-ij 
jvr Yvxk yv-j <}ir Yvxk conmmffi ^-tw 

[0024] «ty^ll *xbayta-^x 
Y^toX tfn~l])V7 Y UXZWnt. K# Ltz n-^ 
;l/T F b- x tMJEE-f 5^b3yti-^«?"n-A'/i/ 
T F F-X^ f ij 0 ST , /n-^VFT F FX fc E# tfc* 
x F£ t tOMJtBPg^^ 1Pg&=&ff)S^*tffi^$ 
^frll^Eii. ^"n-A'^rFFXt^xF^t 
^MJEMfi ^ S-Tffllg ^T ^ Mftl^^ 3 - k 
KtLW %coXoWmzXtili\ ?u~j\)VTYV 

xk^xY&k mmmm^tmmmmmumm 

[0025] 

^#B3LT^-ri,. Hlii. fifty xr 

^vs. : ' -ll^r-i. i •I-N-'MHM',, 
y^fAit m^fift^-y F V-^ lOt, mzoffl 
ft^vFV-^20fc, ^-/FV-^^y^30t^fi 
ffi-^fift^v FV-^ 1 0 tffir^fiff^-y F 
V-^2 0(i, ^mn-^/l/7F*U^*ffiffl-fSil 
ft^-yFV-^T*S 0 ^-yFV-^-ty^3 0(i, ffi 
-<7)fift*-y FV-^ 1 0 fc®r^fifl^-y F7-? 2 
0>^P B lT51gft§^l»T-^^«t-|) 0 m-^iift 

*7b7-?i o, ^r^)fflfi^vF T 7-^2o, ax 

V*y}.7-?-kyf 3 0«, ffiZ^Mft^ v F V-^ 
5 0tJ:-5T^^^S. mHiOilft^'y FV- 

[00 26 ] H-^ffim^'/ F 7-? 1 0(2, «*1 1 
k, l^aJDNS 1 3 t , VPNgf (H— tOVPN^ 
■ ) 12fc^fl^l> 0 m~^ilfl^'y F7-?2 0(i, 
^XF3yt°^-^2 lfc, |*lgPDNS23fc, VPN 

mm ( m~ ^ v PNmw) 2 2k?tmth» m-^mm 
fy-^ i ofcit^zwsifi*'/ F7-? 2 o^' 

^xY^y^^~9^\mLx^xhxw 

[00 27] rti5DNS13(i, &—<m^*>v Y V~ 

7 1 o \zmthtmm.<?rtx f^ t u-tsvr y fx t 
mm*tffl& (DNsy-yffifg) z&wtz. ft 
gPDNs 1 3ii, m-comm^y yv~?\ oizmtz 
mm. mm. s*id tfm-<mm*v yv~?\ 
ortTW^Tdigt, zmmttfo. p^spdnsi 
3(4, mtx^^xY^ (mm, ^xF^ye 

lCO^XF^) f3UT^Iuft?^^g*§^ 
f*arf-^VPNfflDNS3 4t;, ^W^^g 
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&t&. fflDNS2 37;lJj{f-(2, ft^DNSl 3 tm 

[0028] VPNill2, 2 211 -tfi/Ffl* «y h 
T 7-7*y7 3 O^'fjiUSVPNilM (H^(7)VPNg 
1)31, VPNUM (JSE7>VPN§IM) 3 2fc. M 

[0 0 2 9] m-^aft^-y 1-7-7 1 OiSitf 

mz.comm^y 1-7-7 2011 ^oam*? yv~ 
fer?wwi^7 1-7-7 arF, 

NS13I1 ®-<DiIfI*>y f-7-7 1 0W7^- 
M-y by-^tJRi-i. ^h3yt'a-^2 1 fc, 
ftgfiD NS2311 ff?Z7)}IfI* «y h V-7 2 0 7)7°^ 
4K-h*-y t-7-7(3H-f£« VPN^fl 2, 22 
12. -efi^ifU ffi-. Urofflfi^y F7-^to7'n 

[0 0 30] *«y t-7-7^y7 3 0(2, VPN$|{I3 
1, 32t, NAT;K^3 3L VPNJBDNS34 
fcfcffliS. VPN£t«3 1(2, fWDjIff*-/ f-7- 
7 1 OOTPNgil 2 fcRS<0VPNiHrr*4. * 
fc, VPNg*3 2(2, mr.<7)Mi$%>y f-7-7 2 07) 

v p Nil* 2 2 1 mmco v p Nmrt* 5 . 

[0 0 3 1 ] VPNfflDNS3 4(2, 3&— <0iHt* v b 

7-7 1 ot^dns 1 3^, t^b^mmm 

^*rt»DNS 1 3t|lIS^-S. VPNfflDNS34 
(2, *xbayti-^2 l^n-T^TF^^g 

*\ 3 3(;i^tti$iit/nw^r 

T^Xfc, ^Xb^tO^JtB^VPNfflDNS34t« 
!f§^l> 0 l*li5DNS13^Xh^^^L5t5:^ 
if, VPNfflDNS34(t *Xhnzttm-tZ>yv~ 
^7^7^raDNSl 3(WS, S*l 1 
(2, ^7j7''n-ys>7l^x£%;£fc LT, *7f^y 

[0 0 3 2] NAT/I/-^3 3I1 *Xfnyta-^ 
2 KOn-^TKWS^n-^TKI/X lz$m 
I , n-*;P7FWXt 7"n -y s';|/7 b* 1^7. co*f JEW 
«&^lffg^f*f§t-|> 0 NAT/^3 311 4^>* 
XhsytjL— *2 lOn-^/L-TKPXSrH-Offlfi 
*>y b 7-77)^11^7^-^ £>ti, :on-^/l/7F 

[0 0 3 3] NAT;^3 3tl *7fayt"a^ 
2 107'n-y^7K^7,£^fct-|>T-7£S*l 
1 £ Sfl 1 3t & (2 , 555fe £ 7"n -y ^7 KWi^ 



767)0-77/^7 KPXfcMLT, HZTjffifl* 'y b V- 

?2 0fcSIHtt£. S*l l*^SfIt-|>T-^ 

(2. 3g*l 1^-^/1/7^1/7 (g|— 7)fflfl^-y 

X\^h. NAT/I/-? 3 3(2, Sfl7c£S*l l^n- 
*;l/Tb*U>t*»6. NAW-^3 3^IP7X^1/- 

(2. NAT/I/— 7 3 3 (7)7*0-^/1/7 F fc LTffiffl 

[0034] N AT/I/— 7 3 3(2, £Z£DSIfI* 
•/ 2 0^7'n-y^r K^xfc LTffl^S*v 

1-7-77 K^x t*U*3ISIfllfB) ZJ- 

-A7^7K^X(;»fl> 0 *7b3yta 

- 7 2 1 &m-(mm* -y t- 7- 7 2 0 & ; t & 

St/n-/*7Kyxt:tit§„ NAT/k-7 3 3 
(2. Mft7C^n-77/I/7b*I/'X£NAT/l/-?3 37)I 

[00 3 5 ] 02(2, NAT;P-^3 3ti-5TS»S 
ft£ I PTHU^*fJiE*^1UiraTS)S. SB*1 1 
(2, *^h3ytjL-^2 ltr-^^fi-fS^ * 
Xb3yt°jL-7 2 \<T)?u-)-sjVTYVX*U%b 

a. zcom^iiMmmii, nat/^3 3cj:o 

^ii^^S^i, 1(2, * 

NAT71/-7 3 3 7)7'n-A;l/7> h'l/X ( I PVX^fl/ 
-VTVUX) Zmtftb-thT-Z^t-fh. 02 

[00 36 3 *Mtfc^T, Wr>-7i2, *«yhV- 

gi2. |*iaJDNS13tJ:-5Tll^^S. «Hff)B^ 
■li, VP NfflDN S3 4£J;-5 T^S^^So 
7,^ffigM(2. NAT;k-7 3 3(;j;-oT^i|§ti| )o 
[00 37 ] ^t, S*l l^b3yta-^2 1 

tf-^iltSMKoutiiit^ „ 03 

(2. aft>-7TAOiJ#OM^St-^glT"feli 0 * 

■f . ss*i it(2. ffiffl^(;J;-oTT-7^5lifi5fe 
xbnyfi-^2 1)^7f^A^$M 
-y7°S7 1 ) . SB*1 1(2. A*$fe*7l^S 
if^^rtgPDNS 1 3(;g*^l> (7T77S72) . 
F^g^DNS 1 3(2, *7bayt"a-^2 lTjT^Xh^ 

g|5DNS 1 3(2, S*l l^t^^luft?^g*^VP 
NfflDNS34t«L, VPNffl3 4t^H5l!¥^*S 
tt-tS (7f77S7 3) . Xx-y7°S7 3(;fe^T, 
F^gBD N S 1 3 (2, VP 1 2 , H7£tf)3Ht* -y h 
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V-?50, fc=fc^VPN§§B3 lifrlX^Xh^ 

$mt&. v p Nmm 1 2 , 3 ui, «f«*x 

[0 0 38] VPNfflDNS 34(4, fg5£$3fi;t*X h 
^oUT^fWi^Td fXf77S74).Xf7 
7"S7 4££VVt, VPNfflDNS3 4(4, DNSV— 

ftU ftSPD N S 1 3 tmg-rs . fiSEDNSl 3(4, 
;^/o-;^7FUXJS*l liz^mth. 
[0 0 39]Il->t,S*ll(l M%Ltz^u~^)V 
TVUzZWcbl. mil l<7m~ij)VTYVX^m 
ffittbLXT-ftmsth (Xf77"S75) . X 

f y:rs7 stfcwc, Hi, vPNgfi 2, 

HHOfflft^^bV-^5 0, tJjtfVPN§6K3 l£ 
tf-LT, 3l,zm^t&. VPN 

HE 1 2 , 3 1 i±, £fglltf-^^gft« . 
[0 04 0] NAT/P-^3 3(4, gfILfcr-*tf>3S 

76) . NAT;^3 3I1 SSSfcfc&o-O^^n- 

S 0 iifl7ct^-oTV^S*l l^n-WF 
WS, NAT;]/-? 3 3«?'nw\';l/7Kl/X ( I P 

[0 04 1 ] ttz. NAT;l/-?3 3(4, gftLfcr- 
^xb3yt°j.-^2 i^<?5r^-fe^ti^#oS 

**^&&:h.fc&«Dj&»£ffilrf6 (Xf77S7 7) . 
NAT^-?3 3(4, Wiif, T-^t-irttLSiSftTC 

PKrtS. NAT;k-^3 3(l T^txi^SoS* 
1 l^t^T-^T'-feSfcfliTL^^^if, Wr-f 

b°j.-^2 1 tiMfrfS (Xf77S78) . NAT/1/ 
-^3 3(4, VPNSM3 2, HZc?)iifi^«y hV-? 
5 0, felV'VPN^l2 2£^LT, r-?£**h 
nyh° J .-^2 1 fcgft-fS. VPNgf32, 22 

[0 04 2] *Xh3yta-^2 Hi, #fIUlT- 

(Xf77S7 9 ) . *Xb3yta-?2 1(4, 
if, T-^t#^5flS}Ift7£OI PTKPXtSo'U 

«Tt 5 . T- ? OjlliTC^' N AT^- * 3 3 ^ t T 

mti. 

[0043] i £ T14, gf— *>SHi* >y I- 1 0 1*1 

1 1 J&\ SOOSHI* 7b7-?2 0 C0*X )- a 
yb°^-^ 2 1 KT-?£SM#f 5«£<^£jj?Lfc. 

asn^am*-? N7-^2o rt^gg^, n-oam- 



DNS23i\ _tj£c0ftgPD N S 1 3 t ^IftltOlJtff-^fi 1 

0 „ 

[0044] itttf , r-^sifi* -/ b <7-? 
io, 2oo«fitfflt^4it^u 0 ttz.m-^m 

I*7b7-^1 OfcltA'^ZOafl^-y h7-720 
fc-f-fl/fift. N A T;l— ? ^ V P N ffl D N S £ |£(t £ 

7-ny^3 0^ #fflf!*'y h7-?F*lOTPNg 
M12, 2 2fc«7)VPN£§M3 1 , 32^flil, 0 
iot, if— <Z>Sft*-y h?-? 1 0 fcH^ilfl^y 
h v-? 2 0 hT", v P NM^^Jii ISm^j: 
\>\ ^oSH, #ii*7 hy-? 10,2 ox\ vp 

[0045] mz, ^%m<n\mmmmm^jv^xm 

Wt&. 04 ii, ^HJtiSiim^rAeoffi^llSt 
c?:MSr^ t7n-y7a-Cfcl> 0 Hlfc#»**«l> 

fflft^-ybv-^tti, mt«o«^Htu mm 

MOffHC DNSiSitfNATlPlS* (tTF, 
aSHffclEi-. ) 3 5 t , 7?-fe*iW»i6*3 6 t Srfli 

[0046] 5(4, T-?£g(t&S*.Xh 

ft^feKft-ti. ^tt, «IIg«3 5!4, JR^tfcn 

T, NAT^3 3t, NATf-^Mn-W 

^11^3 5(4, *Xf^t/D-;*7FW 
COMJES- DNS y-yffifg t LT , VPNfflDNS34 

[0047] «JigM3 5(4, ^Xh^iy'a-^/k 

*^JRfW> 0 T^^X$[JtPgM3 6(4, -tf-ex^r 
y^3 0^ICKi7)}i^t<5f-^(:Stl»7^ 

[0 048] ^Mfcfc^T, n-^7KU^liif 
(4, ^^3 Sfcriof^SSfLS. 

[ o o 4 9 ] H4 (^t-afi>-xxi,otJ)#ow^ mm 

■th„ 05(4, WJt0»#^J&^^HT'*l» o m 
roafI^-yb'7-^2 0^Ji#(4, i-f, r-^* 
g(7EI.*xb3yh 0 j.-^2 lwn-^/Fl/Xfi 

kv*xv&itmmm.W3 5kzmti-& (x^- y rs9 

1 ) . Xx-y7°S 9 1 T"(4, Wi(f , SraMft^y h 



(8) 003-188901 (P2003-188901A) 



T, S*(4, XKZKtz*xYuy\z?.-9 2lco*x 
F^fc i. V'n-#/y7 F FX £<fH§tB 3 5 fc&ftt 
S. Xf-yTSgiCfc^T, S*»i§!M3 

5^T-^^g^SH, 7?*Xffl«§IM3 5(4. % 

[0 0 5 0] M^T. « ; S§IM3 5(4. Xf77S9 1 
t U T gft L n - ij )VT F F X {ztt mth ?u 
JVTVUXim^^Xt. * LT, ^hnyha-j' 
2 1 tf> n ~ii )VT F F X b 7 n s;/F7* F F X t <m J£ 
£, NATf-^t LTNAT;F-?3 3Cffi#£-£ 

N S V - y tf m t L T V P N R D N S 3 4 CM § •£ 6 
(XT77S92). «JIg*3 5(4. SSroiHt*'/ 
F7-?2 0<Tt7u-rt)VTYVXb F 
(^n-A/yrFFX^fiffg) Sr^ft 
ftEPtS. Xr-y7"S9 2fciSWC, I^7h7-? 

ilft^'y F7-? 2 0(cJR"f S^ii^-f ^n-y^T 
FFXtrMDSTS. 

[ 0 0 5 1 3 =3:53 . faiHt 3 5 (i, SMOitm* v F 
7-? 1 Fy-^TFFX (/n-^THI/ 

[0 0 5 2] Xf77S9 1 , S9 20i)mcj; t 9, N 
AT;F-?3 3(4. *Xbayh'^2 1«o-^ 
TFF-Xfc ^n-^'/FT F FX k tfDjfcrjE&^rf N ATf 
-77F£ffif#-fl>o VPNfDNS34(i, *x 

F^fc ^'n-^vyr F fx oMJ6£K#-f § . <r (o 

■fSBKOlWIMi, Xx'yTS7 1~S7 9^»frt|Hl« 

[0 0 53] *Xbnyta^2 1«n-^7K^ 
X^^^g-fS^tii, Xf77S9 1, S9 2C01 
^^SMf^H'ivy <gm%lt, *XF£fcn-#;F7 
FFX^WE B^-^*tA* LT««M3 SCiMftt 

fct, fifl*>y F7-?ftC§T*:%*XFnyt°. a .- 
?£i!flnU:9, n-^/FrFFX^S^S^T'S) 
iT^ NAT/F-^33^VPNfflDNS34<7)l£;£ 

[0 0 54] dTIi, n-#/F7FFX£fJDST£> 
ti/i^h3yt'^2 1 #ilfl £ff 3 f#BH L 
fc. H^ilfl^y F7-? 2 0fcEM§*i5Hgli, 



n-#/F7 F*F*fc*ttT*2r< , >f y?-*>y F 5 0 
LT7?-fex§til,fc^fflui>^n-y^F7FFXk 
SKOS-C^fi-S^^ftS. fcfc'U ;y)^"n-A';yr 

f vxm^ mmwmzi. mmxm^tL&fv-^ 

)VT YVXX'\i?£< . mz4 y?~^>y F 5 0 ZftlX 
T9*iXlt?k»mhtztb(7)TYVXX°foh, m~?X. 
Zcofv-J^VT Yl/Xb, Xt y 7°S 9 2 T"n-#/F 
T F FXCrttJtES-ttTliJ 0 ST 6 ?"n-AyV7 F yx fc 

\m^tz^yu-j\}VTY\yx^^ ot, ^y^-^ 

-/ bffl^'n-AVyr F yx fclEt". 
[00 5 5 ] ©I1SM3 5(4. >f y^-^-y Fffl^n- 

vsvyr Yuxt^xv^k conm^i- d n s v-y|f 
m^M#LTii;v\ 06(4, WSSE3 5^,iy)DN 
s v"-yfiffg£iBtf#-f s # oMffyxxA^ffi^J^ 

7jrcT7"n >y ^ 0T35 S . El 1 , 3 t imt&mW&Mm 
^-yFV-^t(4. 01, 3t*JIO^&#L, Wffl 

[00 56 ] m-comm^ -y F V-^ 1 0i5 i^'mzo 
fflft^ -y F y-^ 2 0 (4. **l WHfllD N S 1 4 , 2 
4JIi.§ t jWHDNS14, 24(4, V^t^n- 
AV^>y ^i5DNS2 4(4, 

fflfi^ y F v-^ 2 o ftco*x F n v^2.-$m<nA > 
9-* v Fffl^n-^VFT Fl'Xfc-fcXF^i: OMJtE^ 
DNSV-yflffRttTfiim-S. :^Xh3yha 
-^i, JfS (^ZOilff^-y FV— ^ 2 Oiil^h) j&» 
^r^'bX^iig«>TV^g!IffcS. ^hgPDNS24 

coDNSV-yfpgt;(4. n-^;yr Yvx^mmn^ 

ft^rvy ^gPDNS2 4(4, W^Xf^^f^? 

A y?-% v F ffl^n-A'/yr F yxj EJig-r 5 „ 
DNS14{;, N S 2 4 t WM^m^h „ 

[00 57 ] ^fc, 01 , St^afl^XT-Atfc^ 

Ti. s-^affyxxi.1 ofcitw'mr.^afiyxx 

A20^gPDNS14, 2 4£fIi_T^Tt 
[0 0 58] p-^/yTFF-xt-f Fffl^'n 
-y^'/FT F FX^I^f^fJ 0 ST £>*ifc§§Kc7)** F^ 

3 5 tdR#$^S^, ^hiiD N S 2 4 *\ DNS V"- 
yffifg^WII^MS 5 tdiUfttS „ T7^X$[J«gM3 
5 (4 .*?\-m D N S 2 4 3&» t c?) D N S V"- y> If fg^jET 
*43W53&»*l|g-t5. 4^IE^T-^(4iK*L, 
M3 5(c{4tei-=ScV\ 

[00 59 ] jg-Ofifl^y F7-^ 1 0^*Xb3 

yti-^(7)*xb^fjj:t;-fy^-^7 Fffl^"n-ys' 
;FTFFX?:«iIgM3 5 (;JX#§-^I>^(;(4. ^hgp 
DNSH^'DNS V - yfif «HgM 3 5 fciifrf 

[00 60 ] u-l)>VTYVXt4 Fffl^n 
-y^VFT F FX^I^^fJ 0 ST JotLJtSMCML-T . 
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<mm.<nu~i])VT Y vx t ?u-Ji)VT Y ^x t <nft 

jESr, NATf-^fc UNATA^^3 3tfiift3 

yx «MJSG£ D N s y- yfif fgfc L T V P Nffl D N s 
3 4fcffi&§^mH'%^\ £;fl£>tf)*ttE£NA 
T;l/-^3 3^VPNfflDNS34fc«JfMSfcfe 
fc, ?h§PD NS2 4i\ D N Sy-yfif$g£iIf|L£f£ 
CXT77S9 1, S9 2fc»7)|M1^fi : d. 
[0 0 6 1 ] WJTIi, f=a^E3 5ii, ^f-g&D N S 3 
4*>£>>f y?-*-y Wn-A'^r^Xt^Xb^ 
fc^MJ££^1i!$g£K#^l> 0 #^T. *7lV-^ 
-fey^3 0(i, u-i})V7YVX*?^ u-i})V7YVX 

MM * >y I- 1 ?-? 10,20 ft^§IM?M y?-* «y h 
ffl^n s'/yr b' y X *> *mth ~ t S . 
[0 0 6 2] >fy^-^>yb5 0fcfiSK-tSJg* 

(a^-thr, ) mp, m-<r>mm*v y v-? i o^m 

—<VMm* v YV -9 2 0 O^XYziyh" a. -?lzT 7 
■tSSH***. *XY%£$imlX. JhSSDNS 1 4^h 

i3D n s 2 4 izmmmzm-M-t h . N S 1 4 , 

7Kyx£S*fcEITtS 0 ^^^-^7 

?Cf-^JIit§. *fl>IK, >f y?-*-yb 5 Oi: 
ffi-^am^-y 1 O^Hr^jffl^y hV-? 

20<DP B lfc(2, 7T^7'> ; r-;^NATiI (Htk 
) L , Wb7 Y VXXfo h ^IV7 Y 

yx£^fe*x b on-^;yr f yx'\^m^-§ . 
[ o o 6 3 ] a/s, m-^afi^'y bv-^ i o^m~ 

Offiff *<y YV~9 2 OF^Offi*!! -f y*-*-y b 5 

m^XLXVK mmi l^fiJtLT, Lcr)%-£(7)MW 
tov^TiKBJ-fS. SSS*l l(±, raDNSi3(y -f 
y^-^-y I- 5 0HMt5^b3yta-^^|[ 
88ftS:g:*rf 6. ftiiDNS 1 3i±, ffiftLTl^U* 

tf7 */t-M:tM y >y 1- 5 0 fcSfTf £ DNS 
(l2*-t*-f. ) t**8U £f«£»f§ 0 --fy? 
-*-y b 5 0 fc&igg-rSDN sti, £IflBfcS:fTV\ * 

x h a yta-^(o^o-A'^r Fu*£sg*i i \zm 

^xbnyb^-^tr-^^jIfl-f-So itt. vpn 

1 i-rc n '"rr'-t r >*j.'5: T F 4fBDNS34fcifrB 
LTs VPNfflDNS34t^Mft?^^Sffi-fS 0 d^I 
i±, rt&DNSl 3<7DNS]^3-KKiSVvtHr<?)3lfi 
^yI-7-?2 0ft^K^yfcMLTti:. VPNffl 



DNS34C9*Xb£, I PTKyx£f!tSrf"!).I£ 
T\ VPNfflDNS3 4fc£mjPKfe£Sft-C#l>. 
[0064] 

[ffiHH^S&S] *M^»flyXxAfc J;ilH\ tfifHr 

y^«. ®-ofim^-y hu-^t^^mm^m^ 

1 P7YV7,?tm&h7Yvxmmmtitmih< 1 
Mix. B-comm^vYy-? tmz.cDmm*v yv 
~?x\ mmwzm^thz. t s „ t 
tz . m-^Mim- vYv-^t m^mm- vyv-j 

[00 6 5 ] ±tz, ^^mmmumk xtiii, tm* 

mnWi&temtZftXYziyVj.-fcDv-XfVTYU 
X t^jE-f h 7'n~> \)VT YVX^m^L, Wfe y ^ 

xi&mr&T y uxmmmt\ wttitm-j* 

jVTYVX^XYziyyf^-^^u-^jVTYVX^Z 

sat aiSfc^n-^rH^irpwsa* 
T-?**xYzi>¥2.-?i l zmmt&» fe-?x, 

[M^m»J] 

[01] *fWHt:i: l>aftyxTAcoHJfico-^& 
[02] g&ZtiZ I PTbyxoMJtG^^IMS 

[03] mm^x^j,commm^^nmx% 

[04 ] *^0jt i mm^x^^coimmmmm 

[05] aftyxxAoij{^Mi:^^0T"fc 

[06 ] *^0jt i samyxxA^ffito^t^fj 

[07 ] «*^afiyxxi.^M^^y n ■y?mx- 

10 m-^aft^-y YV~9 

1 1 

12 VPNUM 

13 rtgPDNS 

14 7hi5DNS 

2 0 W,ZL<m.m-v YV-9 
2 1 XXYziyVx.-? 
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